whitewidow.rb

1. #!/usr/local/env ruby
2. require_relative 'lib/imports/constants_and_requires'
3.  
4. #
5. # Options banner
6. #
7. def banner_message
8. [
9. "USAGE: ruby #{$0} -[SHORT-OPTS] [ARGS] --[LONG-OPTS] [ARGS]".cyan.bold,
10. "Mandatory options : -[d|f|s] FILE|URL --[default|file|spider] FILE|URL".cyan.bold,
11. "Enumeration options: -[x] NUM --[dry-run|batch|run-x] NUM".cyan.bold,
12. "Anomity options : -[p] IP:PORT --[rand-agent|proxy] IP:PORT".cyan.bold,
13. "Processing options : -[D|c] DORK|NAME --[sqlmap|dork|column] DORK|NAME".cyan.bold,
14. "Misc options : -[l|b|u] --[legal|banner|beep|update]".cyan.bold,
15. "Dev options : --[test]".cyan.bold,
16. " " # Blank line for nice formatting
17. ].join("\n")
18. end
19.  
20. #
21. # Usage page, basic help page for commands
22. #
23. def usage_page
24. FORMAT.info("Check the README.md file for a list of flags and further information or go here: #{FUNCTION_PAGE_LINK}\n")
25. end
26.  
27. #
28. # Append into the OPTIONS constant so that we can call the flag from the constant instead of a class
29. #
30. ARGV << '-h' if ARGV.empty? # Display help dialog if no flags are passed
31. OptionParser.new do |opt|
32. opt.banner = banner_message
33. opt.on('-f FILE', '--file FILE', 'Pass a filename to scan for vulnerabilities') { |o| OPTIONS[:file] = o }
34. opt.on('-s URL', '--spider URL', 'Spider a web page and save all the URLS') { |o| OPTIONS[:spider] = o }
35. opt.on('-p IP:PORT', '--proxy IP:PORT', 'Configure to run with a proxy, must use ":"') { |o| OPTIONS[:proxy] = o }
36. opt.on('-x NUM', '--run-x NUM', 'Run the specified amount of dry runs') { |o| OPTIONS[:run] = o }
37. opt.on('-D DORK', '--dork DORK', 'Use your own dork to do the searching') { |o| OPTIONS[:dork] = o } # Issue #32 https://github.com/WhitewidowScanner/whitewidow/issues/32
38. opt.on('-d', '--default', 'Run in default mode, scrape Google') { |o| OPTIONS[:default] = o }
39. opt.on('-l', '--legal', 'Show the legal information and the TOS') { |o| OPTIONS[:legal] = o }
40. opt.on('-b', '--banner', 'Hide the banner') { |o| OPTIONS[:banner] = o }
41. opt.on('-v', '--version', 'Display the version number and exit') { |o| OPTIONS[:version] = o }
42. opt.on('-u', '--update', 'Update whitewidow with the newest version') { |o| OPTIONS[:update] = o }
43. opt.on('-S', '--search-engine', 'Configure whitewidow to use a random search engine') { |o| OPTIONS[:searchengine] = o }
44. opt.on('--dry-run', 'Run a dry run (no checking for vulnerability with prompt)') { |o| OPTIONS[:dry] = o }
45. opt.on('--batch', 'No prompts, used in conjunction with the dry run') { |o| OPTIONS[:batch] = o }
46. opt.on('--beep', 'Make a beep when the program finds a vulnerability') { |o| OPTIONS[:beep] = o }
47. opt.on('--rand-agent', 'Use a random user agent') { |o| OPTIONS[:agent] = o }
48. opt.on('--sqlmap', 'Run sqlmap through the SQL_VULN.LOG file as a bulk file') { |o| OPTIONS[:sqlmap] = o }
49. opt.on('--test', 'Used mostly for development use') { |o| OPTIONS[:test] = o }
50. opt.on('-h', '--help', 'Display this help dialog and exit') do
51. hidden = "--search-engine"
52. usage_page
53. puts opt.to_s.split("\n").delete_if { |line| line =~ /#{hidden}/ }.join("\n")
54. end
55. end.parse!
56.  
57. # This case statement has to be empty or the program won't read the options constants
58. begin
59. case
60. when OPTIONS[:default]
61. begin
62. SETTINGS.hide_banner?
63. SETTINGS.show_legal?
64. Whitewidow::Scanner.get_urls(OPTIONS[:proxy])
65. if File.size("#{SITES_TO_CHECK_PATH}") == 0
66. FORMAT.warning("No sites found for search query: #{SEARCH_QUERY}. Adding query to blacklist so it won't be run again.") # Add the query to the blacklist # File.open("#{QUERY_BLACKLIST_PATH}", "a+") { |query| query.puts(SEARCH_QUERY) }
67. FORMAT.info("Query added to blacklist and will not be run again, exiting..")
68. exit(1)
69. elsif OPTIONS[:dry]
70. #if OPTIONS[:dry]
71. dry = FORMAT.prompt('Run the sites[Y/N]') unless OPTIONS[:batch]
72. dry = 'N' if OPTIONS[:batch]
73. if dry.upcase == 'N'
74. FORMAT.info('Sites saved to file, will not run scan now..')
75. exit(0)
76. else
77. Whitewidow::Scanner.vulnerability_check(file_mode: false)
78. end
79. else
80. Whitewidow::Scanner.vulnerability_check(file_mode: false)
81. end
82. File.open("#{ERROR_LOG_PATH}", 'a+') {
83. |s| s.puts("No sites found with search query #{DEFAULT_SEARCH_QUERY}")
84. } if File.size("#{SITES_TO_CHECK_PATH}") == 0
85. File.truncate("#{SITES_TO_CHECK_PATH}", 0)
86. FORMAT.info("I'm truncating SQL_sites_to_check file back to #{File.size("#{SITES_TO_CHECK_PATH}")}")
87. FileUtils.copy(TEMP_VULN_LOG, SQL_VULN_SITES_LOG)
88. File.truncate("#{TEMP_VULN_LOG}", 0)
89. FORMAT.info("I've run all my tests and queries, and logged all important information into #{SQL_VULN_SITES_LOG}")
90. rescue *FATAL_ERRORS => e
91. File.open(ERROR_LOG_PATH, 'a+') { |error| error.puts("#{Date.today}\n#{e.backtrace}\n---") }
92. FORMAT.fatal("Issue template has been generated for this error, create a new issue named: #{SETTINGS.random_issue_name} #{e}")
93. FORMAT.info("An issue template has been generated for you and is located in #{ISSUE_TEMPLATE_PATH}")
94. SETTINGS.create_issue_page("Getting error: #{e}", e, "Run with #{OPTIONS}",
95. OPTIONS[:dork] == nil ? DEFAULT_SEARCH_QUERY : OPTIONS[:dork])
96. end
97. when OPTIONS[:file]
98. begin
99. SETTINGS.hide_banner?
100. SETTINGS.show_legal?
101. FORMAT.info('Formatting file')
102. Whitewidow::Scanner.format_file(OPTIONS[:file])
103. Whitewidow::Scanner.vulnerability_check(file_mode: true)
104. File.truncate("#{SITES_TO_CHECK_PATH}", 0)
105. FORMAT.info("I'm truncating SQL_sites_to_check file back to #{File.size("#{SITES_TO_CHECK_PATH}")}")
106. FileUtils.copy(TEMP_VULN_LOG, SQL_VULN_SITES_LOG)
107. File.truncate("#{TEMP_VULN_LOG}", 0)
108. FORMAT.info(
109. "I've run all my tests and queries, and logged all important information into #{SQL_VULN_SITES_LOG}"
110. ) unless File.size("#{SQL_VULN_SITES_LOG}") == 0
111. rescue *FATAL_ERRORS => e
112. File.open(ERROR_LOG_PATH, 'a+') { |error| error.puts("#{Date.today}\n#{e.backtrace}\n---") }
113. FORMAT.fatal("Issue template has been generated for this error, create a new issue named: #{SETTINGS.random_issue_name} #{e}")
114. FORMAT.info("An issue template has been generated for you and is located in #{ISSUE_TEMPLATE_PATH}")
115. SETTINGS.create_issue_page("Getting error: #{e}", e, "Run with #{OPTIONS}",
116. OPTIONS[:dork] == nil ? DEFAULT_SEARCH_QUERY : OPTIONS[:dork])
117. end
118. when OPTIONS[:legal]
119. SETTINGS.show_legal?
120. when OPTIONS[:run]
121. OPTIONS[:run].to_i.times do
122. system('ruby whitewidow.rb -d --dry-run --batch --banner')
123. end
124. FORMAT.info("#{OPTIONS[:run]} runs completed successfully.")
125. when OPTIONS[:sqlmap]
126. FORMAT.info("Launching sqlmap..")
127. if SETTINGS.sqlmap_config
128. system("#{File.read(SQLMAP_CONFIG_PATH)}")
129. else
130. system("#{File.read(SQLMAP_LAST_REQUEST_FILE)}")
131. File.open(SQLMAP_LAST_REQUEST_FILE, "a+").truncate(0)
132. end
133. when OPTIONS[:spider]
134. begin
135. if URI(OPTIONS[:spider]).query
136. arr = SPIDER_BOT.pull_links(OPTIONS[:spider])
137. SPIDER_BOT.follow_links(arr)
138. FORMAT.info("Found a total of #{File.open(BLACKWIDOW_LOG).readlines.size} links. Running them as file..")
139. system("ruby whitewidow.rb --banner -f #{BLACKWIDOW_LOG}")
140. File.truncate("tmp/blackwidow_log.txt", 0)
141. else
142. FORMAT.err("No valid query parameter found for: #{OPTIONS[:spider]}.")
143. FORMAT.err("URL should contain a query parameter. I.E. http://fakesite.com/php?id=2")
144. end
145. rescue *SPIDER_ERRORS => e
146. File.size(BLACKWIDOW_LOG) == 0 ? FORMAT.fatal("No sites obtained for #{OPTIONS[:spider]}, failed with #{e}") :
147. FORMAT.err("#{OPTIONS[:spider]} encountered an error and cannot continue. Running sites obtained so far")
148. system("ruby whitewidow.rb --banner -f #{BLACKWIDOW_LOG}") if File.size(BLACKWIDOW_LOG) != 0
149. end
150. when OPTIONS[:version]
151. FORMAT.info("Currently version: #{VERSION}")
152. exit
153. when OPTIONS[:update]
154. FORMAT.info("Updating to newest version..")
155. SETTINGS.update!
156. when OPTIONS[:test]
157. system('rspec')
158. else
159. exit(1)
160. end
161. rescue => e
162. FORMAT.err("Failed with error code #{e}")
163. if e.inspect =~ /OpenSSL::SSL::SSLError/
164. FORMAT.warning("Your user agent is bad, make an issue with the user agent")
165. FORMAT.info("Trying again with a different user agent") # Temp fix until I can fix the user agents.
166. begin
167. system("ruby whitewidow.rb -d --banner --rand-agent")
168. rescue OpenSSL::SSL::SSLError
169. FORMAT.fatal("User agent failed to load for the second time, running as default..")
170. system("ruby whitewidow.rb -d --banner")
171. end
172. elsif e.inspect =~ /tIDENTIFIER/
173. FORMAT.fatal("What we have here is a P.I.C.N.I.C. To run this program you need a Ruby version >=2.3.0.")
174. FORMAT.fatal("Your current ruby version: #{RUBY_VERSION}")
175. FORMAT.fatal("Download the latest Ruby by#{SETTINGS.ruby_download_link}")
176. exit(1)
177. else
178. FORMAT.fatal("Program failed with error code: #{e}, error saved to error_log.txt")
179. File.open(ERROR_LOG_PATH, 'a+') { |error| error.puts("#{Date.today}\n---\n#{e.backtrace}\n#{e.backtrace_locations}\n---\n") }
180. FORMAT.fatal("Issue template is being generated for this error, create a new issue named: #{SETTINGS.random_issue_name} #{e}")
181. SETTINGS.create_issue_page("Getting error: #{e}", e, "Run with #{OPTIONS}",
182. OPTIONS[:dork] == nil ? DEFAULT_SEARCH_QUERY : OPTIONS[:dork])
183. FORMAT.info("An issue template has been generated for you and is located in #{ISSUE_TEMPLATE_PATH}")
184. end
185. rescue Interrupt
186. FORMAT.err("User aborted scanning.")
187. exit(1)
188. end